Credential provider + access token generated by another service #4720
Unanswered. luizgribeiro asked this question in Help. Replies: 0 comments
I've been searching for a way to have a unique access token being set by next-auth but generated by another service, so that it can be used both on client side and server side. Here follows a diagram of how the requests can and should be done.

At this point I'm using the `authorize` method from `CredentialsProvider` to make a request with credentials to the monolith and, if everything is fine, an Authorization Bearer Token is returned on a Set-Cookie header and this is also configured in the response to be used on client side. Since this header will be present on future calls to the next app, it can also be used by `getServerSideProps` to do SSR.

The main problem is that I still have a next-app header being set and this is the one used for session data and expiration time.
I also believe that this token shouldn't be stored in the session since by doing that it becomes accessible by JavaScript (which is not the case for httpOnly cookies).
Are there any alternatives that could be used in this case?
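An added example, not code from the post or from next-auth: one way to re-issue the monolith's token cookie from the Next.js origin as an httpOnly cookie while returning a token-free user object for the session, as the question describes. The cookie name `Authorization`, the sample header and all function names are assumptions; wiring the result into `authorize` and the response object is left out.

```javascript
// Constructed sample: a Set-Cookie header as the monolith might return it.
const UPSTREAM_SET_COOKIE =
  "Authorization=Bearer%20abc.def.ghi; Path=/api; Domain=monolith.internal; Max-Age=3600";

// Split one Set-Cookie header into name, value and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf("=") : -1;
  if (eq < 1) throw new Error("malformed Set-Cookie: missing name=value");
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Rebuild the token cookie for the Next.js origin. Upstream Domain and Path are
// dropped on purpose (they describe the monolith, not this app), and HttpOnly,
// Secure and SameSite are always set so page JavaScript cannot read the token.
function hardenTokenCookie(header, expectedName) {
  const { name, value, attributes } = parseSetCookie(header);
  if (name !== expectedName) throw new Error(`unexpected cookie: ${name}`);
  if (value === "") throw new Error("empty token value");
  const parts = [`${name}=${value}`, "Path=/", "HttpOnly", "Secure", "SameSite=Lax"];
  // Keep the lifetime chosen by the issuing service so both cookies can expire together.
  if (typeof attributes["max-age"] === "string") {
    parts.push(`Max-Age=${attributes["max-age"]}`);
  } else if (typeof attributes.expires === "string") {
    parts.push(`Expires=${attributes.expires}`);
  }
  return parts.join("; ");
}

// The object handed to the session: identity fields only, never the token,
// so nothing secret ends up in data that client-side code can read.
function toSessionUser(profile) {
  const { id, name, email } = profile;
  return { id, name, email };
}
```
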